Prestashop and Heartbleed

Have you seen Heartbleed in the news, but you do not really understand it or how it might affect your shop? Let me take some time to explain what it is and how Heartbleed might affect your Prestashop site.  One thing to note is that Heartbleed is NOT a bug in Prestashop, it is a bug in your web server.


What is Heartbleed?

On a basic level Heartbleed is a bug in openSSL that could expose your private SSL key so hackers or other people could decrypt secure information sent to and from your server. OpenSSL is what is used in most Linux / Unix based servers to allow them to use SSL certificates. Think of it as a plugin for your web server so the server can use SSL certificates. What Heartbleed exploited is called a buffer over read. How that works is a request is sent to you server, but the request asks for more information back than it needs. With Heartbleed it would send the more information, this was a bad thing. The information could be passwords or other sensitive information happening on the server. Below is an xKCD comic that explains the situation pretty well.

Xkcd Heartbleed

Xkcd Heartbleed


How does Heartbleed affect Prestashop?

First, if your site does not use SSL, you are not affected by it, so do not worry about it. If your site does use SSL, you will need to test your site to see if the vulnerability has been patched by your host already. There will be a couple of tools you can use to check your site later in the article. If your site has been affected, contact your host and ask them to install the patch to fix openSSL on your server. Once your host has the patch installed, it is advisable to re-issue your SSL certificate just in case your encrypted key was stolen while the server was vulnerable. If you are unsure of how to re-issue the certificate, contact where you bought your certificate from and they will be able to help you re-issue it.


How to test for Heartbleed

These are the best tools I have found for testing your server for Heartbleed, all you have to do is enter your site address and they will let you know if your server is vulnerable.

Heartbleed Test

Heartbleed Checker



These tests have long since been discontinued, because of updates in server technology and server software. This bug no longer affects almost 100% of the servers online.

If you have any issues getting your server patched, please let us know we might be able to help out.


About the Author: Lesley Paone

Lesley has worked in e-commerce for over a decade, and is the founder of dh42. Starting out with PrestaShop and brancing out into other platforms like Shopify. He loves all things e-commerce and loves a challenge, in his spare time he helps moderate several forums on SEO, e-commerce, as well as the PrestaShop forum. If you have any questions for him about any of his articles just use our contact form to contact him.